Confirmed Security News 2011 W09

=> The Case of the Malicious Autostart. 26/02/2011. «Given that my novel, Zero Day, will be published in a few weeks and is based on malware’s use as a weapon by terrorists, I thought it appropriate to post a case that deals with malware cleanup with the Sysinternals tools. This one starts when Microsoft support got a call from a customer representing a large US hospital network reporting that they had been hit with an infestation of the Marioforever virus (…).»
Source: blogs.technet.com/b/markrussinovich/archive/2011/02/27/3390475.aspx
Related posts:
03/01/2008. 18.exe and friends (System File Patching – rootkit behavior), Backdoor.Win32.Agent.dpe: www.bluetack.co.uk/forums/index.php?showtopic=18183&mode=threaded
03/03/2011. Good IR Work: windowsir.blogspot.com/2011/03/good-ir-work.html

=> Langer Stuxnet Interview. 27/02/2011. «Ralph was the first to determine that Stuxnet is a directed cybersecurity attack against the kinds of Siemens control systems used to control nuclear centrifuges in Iran. Gary and Ralph discuss what’s involved in introducing the concept of cybersecurity to control systems engineers, how anti-virus vendors originally responded to Stuxnet, as well as plenty of detailed technical info about the worm with an emphasis on its payload (…).»
Source: www.flyingpenguin.com/?p=10330
Related posts:
27/02/2011. Source: twitter.com/ericfreyss/statuses/41854825469583360

=> Write Once, Mobile Malware Anywhere. 28/02/2011. «The Zeus (Zbot) crimeware is sold to criminals as a complete toolkit for building custom Trojans, usually to steal banking logins. The Trojans are generally quite complex; injecting HTML into banking websites on the Internet Explorer and Firefox web browsers, intercepting keystrokes, and grabbing screenshots. Until a few months ago the Zeus infrastructure targeted only Windows PCs, but the adoption of certain security measures (mTANs sent via SMS) used by some banks caused the criminals to change their tactics (…).»
Source: blogs.mcafee.com/enterprise/mobile/write-once-mobile-malware-anywhere
Related posts:
03/03/2011. Take a sample, leave a sample. Mobile malware mini-dump: contagiodump.blogspot.com/2011/03/take-sample-leave-sample-mobile-malware.html

=> Evolving DDoS Botnets: 1. BlackEnergy. 28/02/2011. «BlackEnergy was a very popular DDoS bot a couple of years back. This bot has been under development and has evolved quite a bit toward its more current successor, the Darkness bot (…).»
Source: blogs.mcafee.com/enterprise/network-security/evolving-ddos-botnets-1-blackenergy
Related posts:
01/03/2011. Evolving DDoS Botnets: 2. Darkness: blogs.mcafee.com/mcafee-labs/evolving-ddos-botnets-%E2%80%93-2-darkness

=> BlackHole RAT Eats Into Mac OS X. 01/03/2011. «BlackHole RAT is a backdoor Trojan targeting Mac OS X. It’s written in REALbasic, and it was discovered on December 21, 2010. But it is only in recent days that it has gained the attention of security experts and the media (…).»
Source: blogs.mcafee.com/mcafee-labs/blackhole-rat-eats-into-mac-os-x

=> The malicious couple. 01/03/2011. «A few days ago, users who frequent some of the Russian websites that distribute software for smartphones and PDAs started complaining that virtually every new CAB file (i.e., Windows Mobile installation archives) contained two ‘extra’ executable files (…).»
Source: www.securelist.com/en/blog/388/The_malicious_couple

=> AgoBot Botnet Reverse Engineering From UIC: In Depth Analysis of Backdoor.AgoBot IRC Botnet. 01/03/2011. «Well, let’s start this new year with an IRC Botnet commonly identified as Backdoor.AgoBot. The aim of this paper is to show not only the Botnet itself, but also the Evolution of involved Droppers via a classical Reverse Engineering Approach. This time we will deal with .NET Targets; at the same time I want to show, from a classical Forensic point of view, how information can be carved out from such kinds of Executables. Subsequently we will discuss the Generic Botnet Tracking process. In this way newbies should have a basic complete view of what’s involved in botnet research (…).»
Source: quequero.org/AgoBot_Botnet_Reverse_Engineering
Related posts:
01/03/2011. Source: twitter.com/#!/gN3mes1s/status/42638863436492801

=> TDL4 and Glubteba: Piggyback PiggyBugs. 02/03/2011. «My colleague Aleksandr Matrosov today received an interesting sample of TDL4 from another of my colleagues, Pierre-Marc Bureau: this sample downloads and installs another malicious program, Win32/Glupteba.D (…).»
Source: blog.eset.com/2011/03/02/tdl4-and-glubteba-piggyback-piggybugs

=> ChronoPay’s Scareware Diaries. 03/03/2011. «If your Windows PC has been hijacked by fake anti-virus software or “scareware” anytime in the past few years, chances are good that the attack was made possible by ChronoPay, Russia’s largest processor of online payments (…).»
Source: krebsonsecurity.com/2011/03/chronopays-scareware-diaries/

=> Looking Into the Android/DRAD Bot. 04/03/2011. «For the past several years, we have seen a rapid rise of devices that access the Internet. This has also resulted in a rise of various malware that target such devices. One of the most targeted of these devices is our web-savvy mobile phones (…).»
Source: blogs.mcafee.com/enterprise/mobile/analysis-of-androiddrad-bot

=> ZeuS lives! 04/03/2011. «But from time to time I come across some rather unusual variants of the Trojan and I now have very good reason to believe that ZeuS is still to some extent being maintained and developed (…).»
Source: www.securelist.com/en/blog/399/ZeuS_lives
Related posts:
02/03/2011. Zeus – 6 ways in which it avoids analysis: www.trustdefender.com/trustdefender-labs-blog-zeus-6-ways-in-which-it-avoids-analysis.html
04/03/2011. ZeuS Targets Mobile Users: blog.trendmicro.com/zeus-targets-mobile-users/
04/03/2011. Zeus Malware Not Dead Yet, New Features Being Added: threatpost.com/en_us/blogs/zeus-malware-not-dead-yet-new-features-being-added-030411

=> Shorty Worm Spams Links, Hijacks Browsers. 04/03/2011. «A novel worm we’re calling Worm-IM-Shorty appears to be winding its way through Facebook and some instant messaging services, with its come-on disguised as a link to a photograph hosted elsewhere. But when recipients click the link, they receive an executable Trojan instead, dressed up with the name and icon of a JPEG image (…).»
Source: blog.webroot.com/2011/03/04/shorty-worm-spams-links-hijacks-browsers/

=> The BlackHole Fever Continues. 04/03/2011. «A mass injection campaign has been started by attackers who are using the BlackHole exploit kit, in which a number of high traffic influx websites are hacked and injected with an iframe that redirects users to a BlackHole server (…).»
Source: www.symantec.com/connect/ko/blogs/blackhole-fever-continues

=> Stuxnet. 05/03/2011. «France Inter program 3D. This new magazine is broadcast live before an audience from the Théâtre du Rond-point in Paris for an in-depth, transdisciplinary treatment of the week’s news. Because in our world every event, the instant it occurs, interacts with the others, Stéphane Paoli analyzes and dissects the facts. A two-hour information session for which he relies on the responsiveness and know-how of the France Inter newsroom and invites, every Sunday, many guests according to their expertise and their different and complementary perspectives (…) Guests: Eric Filiol, D. Ventre (…).»
Source: sites.radiofrance.fr/franceinter/em/journal-3D/avenir.php
Related posts:
28/02/2011. Stuxnet: Pandora’s box or stroke of genius? [program PDF]: nanojv.files.wordpress.com/2011/02/stuxnet-boite-de-pandore-ou-coup-de-genie-conference-du-8-mars-20112.pdf
28/02/2011. Stuxnet: Pandora’s box or stroke of genius? – Panel discussion on 08/03: nanojv.wordpress.com/2011/02/28/stuxnet-signature-0001/
